You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/18 22:01:01 UTC

svn commit: r1447491 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java

Author: angela
Date: Mon Feb 18 21:01:01 2013
New Revision: 1447491

URL: http://svn.apache.org/r1447491
Log:
OAK-527: permissions (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1447491&r1=1447490&r2=1447491&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java Mon Feb 18 21:01:01 2013
@@ -25,11 +25,13 @@ import org.apache.jackrabbit.JcrConstant
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.TreeImpl;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
 
 /**
  * Validator implementation that checks for sufficient permission for all
@@ -39,7 +41,6 @@ class PermissionValidator implements Val
 
     /* TODO
      * - Renaming nodes or Move with same parent are reflected as remove+add -> needs special handling
-     * - review usage of OAK_CHILD_ORDER property (in particular if the property was removed
      * - Proper handling of jcr:nodeTypeManagement privilege.
      */
 
@@ -76,7 +77,11 @@ class PermissionValidator implements Val
 
     @Override
     public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException {
-        checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
+        if (TreeImpl.OAK_CHILD_ORDER.equals(after.getName())) {
+            checkPermissions(parentAfter, false, Permissions.MODIFY_CHILD_NODE_COLLECTION);
+        } else {
+            checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
+        }
     }
 
     @Override
@@ -131,9 +136,11 @@ class PermissionValidator implements Val
 
     private void checkPermissions(@Nonnull Tree parent, @Nonnull PropertyState property,
                                   long defaultPermission) throws CommitFailedException {
-        long toTest = getPermission(parent, property, defaultPermission);
-        if (!permissionProvider.isGranted(parent, property, toTest)) {
-            throw new CommitFailedException(new AccessDeniedException());
+        if (!NodeStateUtils.isHidden((property.getName()))) {
+            long toTest = getPermission(parent, property, defaultPermission);
+            if (!permissionProvider.isGranted(parent, property, toTest)) {
+                throw new CommitFailedException(new AccessDeniedException());
+            }
         }
     }